aniani/elinks
1
0
Fork 0
mirror of https://github.com/rkd77/elinks.git synced 2024-11-04 08:17:17 -05:00
Code

Use the proxied URI to verify server certificates

Browse Source 
Otherwise, the verification fails when using a HTTPS proxy because ELinks checks
whether the proxy matches the certificate.

Signed-off-by: Fabienne Ducroquet <fabiduc@gmail.com>
This commit is contained in:
Fabienne Ducroquet 2016-04-12 20:55:47 +02:00 committed by Witold Filipczyk
parent 4efea7e314
commit 73b09749ac
1 changed files with 2 additions and 2 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

4
src/network/ssl/socket.c
View File

@ -156,7 +156,7 @@ verify_certificates(struct socket *socket)
* only contain ASCII characters. Internationalized domain
* names must thus be in Punycode form. Because GnuTLS 2.8.6
* does not itself support IDN, ELinks must convert. */
hostname = get_uri_string(conn->uri, URI_HOST | URI_IDN);
hostname = get_uri_string(conn->proxied_uri, URI_HOST | URI_IDN);
if (!hostname) return -6;
ret = !gnutls_x509_crt_check_hostname(cert, hostname);
@ -313,7 +313,7 @@ verify_callback(int preverify_ok, X509_STORE_CTX *ctx)
ssl = X509_STORE_CTX_get_ex_data(ctx, SSL_get_ex_data_X509_STORE_CTX_idx());
socket = SSL_get_ex_data(ssl, socket_SSL_ex_data_idx);
conn = socket->conn;
host_in_uri = get_uri_string(conn->uri, URI_HOST | URI_IDN);
host_in_uri = get_uri_string(conn->proxied_uri, URI_HOST | URI_IDN);
if (!host_in_uri)
return 0;